Atique Orthodontics Reports Potential Breach of Patient PHI

San Antonio-based Atique Orthodontics, P.A., has discovered an unauthorized person gained access to an office computer for a period of just over a month earlier this year.

The unauthorized access to the computer first occurred on February 29, 2016, with remote access possible until March 30, 2016, when the security breach was discovered. During the time that remote access was possible, a server containing the protected health information of orthodontics patients could potentially have been accessed.

Atique Orthodontics has not discovered any evidence to suggest that the protected health information of patients was actually compromised, although the possibility exists that data may have been improperly accessed.

Atique Orthodontics took action to block remote access as soon as the security breach was discovered and there is no further risk of data being accessed by the individual. Atique is in the process of enhancing security and will be implementing further technical controls to prevent similar incidents from occurring in the future.

The server contained highly sensitive data including Social Security numbers, insurance information, and credit card numbers along with personal information including patient names, addresses, telephone numbers, and dates of birth.

In accordance with Health Insurance Portability and Accountability Act Rules, all patients have now been notified of the security breach by mail. Breach notification letters were sent to patients a little over two weeks after the security breach was discovered, well inside the 60-day time limit allowed under HIPAA Rules.

Because highly sensitive data were potentially compromised, Atique Orthodontics is offering all affected patients 12 months of identity theft and fraud resolution services without charge through ID Experts. Patients will also be protected by a $1,000,000 identity theft insurance policy.

To date, there have been 30 cases of unauthorized access/disclosure reported to the Department of Health and Human Services’ Office for Civil Rights in 2016, one more than this time last year. There have been 18 hacking/IT incidents reported in 2016, which is 10 fewer than this time last year. In total, 69 data breaches have been reported to OCR so far in 2016, 18 fewer than this time last year.

About HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to help HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.